Blacklisting v Whitelisting
A recent 2020 report into the state of Application Security has brought to light that applications continue to be the “weakest link” when it comes to vulnerability to security threats. The report cited open source software as the main concern to security vulnerabilities, noting an immense 50% rise over the last year; of these external threats, 42% exploited a software vulnerability, whilst 35% came via a web application.
Over time, applications have become more complicated, relying on third-party libraries and supporting newer frameworks. As a result, risk is heightened further by new attack surfaces, unsecured APIs, image integrity, and changes to containers and functions in production.
Yet with more than a third of software developers releasing new features or monthly updates to applications, app security will always be the biggest challenge to continuously maintain. The pressure is on developers to ensure their app security tools and processes are up to date with every iteration of app software.
What does application security have to do with my business?
Incredibly, despite the risks posed by applications to device security, only 1 in 10 organisations fully integrate security throughout their Software Development Life Cycle (SDLC), and often this does not even include any forms of IAST or DAST (Interactive/Dynamic App Security Testing).
As discovered in Verizon’s Data Breach Investigations report, 90% of cyber incidents came via web applications over the past year. There is no doubt this is the main source of threat, and the question now stands: what can businesses begin to do to address their application security and procedure of use?
Blacklisting VS Whitelisting
Blacklisting and whitelisting helps to keep applications, infrastructures and networks secure. Often, most systems will not allow you to do both at the same time.
With whitelisting applications, businesses are afforded the ability to block all external applications, except those which are given permissions to be used within the organisation. For whitelisted apps, regular security checks or patches are required to maintain the optimum level of security, and minimum threat of risk. Whitelisting is more commonly used for organisations who wish to maintain a stricter level of control on their security risks and user access; for example, limiting app to single use permissions, or making it only usable via whitelisted computers or IP addresses.
Blacklisting takes a slightly more relaxed position when it comes to application and network security; most websites or applications are accepted to use, however only particular ones that are believed to be a malicious threat, or otherwise avoided, are banned by the device. Typically, blacklisting is utilised to block known threats, but is the best option to use for organisations that wish to keep their user base or offer of service open to the public.
With whitelisting, the ability to control behaviour in order to limit security risks is the key difference between blacklisting, which utilises an identity based access method. Blacklisting affords more flexibility for the user, whereas whitelisting maintains that extra level of management.
As a part of our Serbus Secure suite, you have the ability to blacklist and/or whitelist applications on your devices. If you’d like to enquire about how we can meet your requirements and assist with your mobile defence strategy, get in touch on [email protected], or call our office on +44 (0) 1432 870879.